Problem with Iptables.

November 18, 2013 55.3k

By:

pawlo.gom

Hi. I have a problem with Iptables. I can`t use the command: sudo iptables -L, because the error is: FATAL: Could not load /lib/modules/3.2.0-55-virtual/modules.dep: No such file or directory iptables v1.4.12: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. I have installed on my droplet (system ubuntu 12.04) Zpanel and fail2ban according to this guide: https://digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04 Please, help me. Thank for every piece of advice!

3 comments

rodolfobarreto February 4, 2015
It solved my problem.

Thank so much
hexogen September 12, 2015
Won't to share. Do you?
hexogen September 12, 2015
Here is an answer:
sudo apt-get install linux-image-$(uname -r)

Log In to Comment

17 Answers

kamaln7 MOD January 15, 2014

@Leandro: You have to install the kernel that you're using:

sudo apt-get install linux-image-$(uname -r)

Once that's done, it should work. If it doesn't, try rebooting your droplet.

geekmails July 5, 2014
Thanks. Thats the one i needed.
it solved my problem.
Thanks a lot.

just use the following command guys

sudo apt-get install linux-image-$(uname -r)

kamaln7 MOD November 20, 2013

You must install the kernel package corresponding to the kernel you set your droplet to boot from (using our control panel).

phil2k January 16, 2018

The problem still exists in the latest version of the kernel selected for a dropbox with Ubuntu 16.04: "Ubuntu 16.04 x64 vmlinuz 4.4.0-28-generic", kernel modules becoming somehow "ephemeral" (disappearing after the reboot) + making the floating IP not working anymore:

# iptables -nvL
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.4.0-28-generic
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
# uname -a
Linux do1 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Also I tryed to reinstall the packages linux-image-4.4.0-28-generic & linux-headers-4.4.0-28-generic, but after a reboot (or a cold restart of the droplet), the kernel modules needed for iptables are missing again, having to reinstall them by hand again.

Also, this effect somehow negatively affects the Floating IP, making not forwarding any more packets to the real IP of the droplet, than after I tried to reassing the IP (even with unassing & assing) only syn-packets are seen by the droplet:

# tcpdump -ni ens3 tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
01:09:12.412367 IP 46.229.168.74.13662 > 10.19.0.5.80: Flags [S], seq 4276730076, win 29200, options [mss 1460,sackOK,TS val 2958302465 ecr 0,nop,wscale 7], length 0
01:09:12.476775 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [SEW], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523651869 ecr 0,nop,wscale 7], length 0
01:09:12.976502 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:13.478790 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652120 ecr 0,nop,wscale 7], length 0
01:09:13.997644 IP 46.229.168.65.18120 > 10.19.0.5.80: Flags [S], seq 2115694078, win 29200, options [mss 1460,nop,wscale 8], length 0
01:09:14.656615 IP 46.229.168.79.41028 > 10.19.0.5.80: Flags [S], seq 2031893919, win 29200, options [mss 1460,sackOK,TS val 1861357496 ecr 0,nop,wscale 7], length 0
01:09:15.498728 IP 54.36.149.72.22052 > 10.19.0.5.80: Flags [S], seq 3676365313, win 29200, options [mss 1460,sackOK,TS val 523652625 ecr 0,nop,wscale 7], length 0

Than after a while, these packages are not seen anymore.

There's no firewall configured (after reinstalling the kernel modules by hand, there are no rules):

# apt-get install --reinstall linux-image-generic linux-headers-generic linux-image-`uname -r` linux-headers-`uname -r`
...
# iptables-save 
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*raw
:PREROUTING ACCEPT [409:29597]
:OUTPUT ACCEPT [279:41334]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*mangle
:PREROUTING ACCEPT [409:29597]
:INPUT ACCEPT [409:29597]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [281:42238]
:POSTROUTING ACCEPT [281:42238]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*nat
:PREROUTING ACCEPT [15:753]
:INPUT ACCEPT [15:753]
:OUTPUT ACCEPT [10:886]
:POSTROUTING ACCEPT [10:886]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018
# Generated by iptables-save v1.6.0 on Tue Jan 16 01:18:13 2018
*filter
:INPUT ACCEPT [1460:132563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1196:222500]
COMMIT
# Completed on Tue Jan 16 01:18:13 2018

joshuaschmelzle July 4, 2018

Has anyone solved this issue? I'm running into the same issue phil2k is describing. I'm having problems figuring out the solution.

pablo November 18, 2013

Check out How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.

How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server

by Shaun Lewis

Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.

vps November 18, 2013

Did you update your kernel by chance?

I had a similar problem with playing around with new kernel. Any update would break UFW.

Never bothered to try to find correct answer just moved kernel back to default.

kamaln7 MOD November 20, 2013

In your case it would be 3.2.0-55-virtual

will-v-king December 12, 2013

in my case, uname said the kernel is 3.2.0-55-virtual .
and it is 3.2.0-55-virtual in my control panel - settings - kernel.
but still got the error:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
FATAL: Could not load /lib/modules/3.2.0-55-virtual/modules.dep: No such file or directory
iptables v1.4.12: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

will-v-king December 12, 2013

oh, I found the problem:
ls /lib/modules/
3.2.0-23-virtual

lpcorrea January 15, 2014

Hi Will, I´m having the same problem whit the same version, how do I update/upgrade the /lib/modules? In my case under this folder I have two folders (3.2.0-24-virtual and 3.2.0-48-virtual) and I´m using 3.2.0-55-virtual as you...

martin.jozef March 23, 2014

Kamal Nasser, Thank you for the no hassle solution. It worked, ufw started working again after a reboot.

dustinmatlock April 7, 2014

I'm having the same issue. I've not changed the kernal from what was installed.

chas.snider May 1, 2014

I moved it back to the default, but it still doesn't work.

uname -r
3.5.0-17-generic
ls /lib/modules/
drwxr-xr-x 4 root root 4096 May 1 11:03 3.5.0-17-generic

modprobe ip_tables
FATAL: Error inserting ip_tables (/lib/modules/3.5.0-17-generic/kernel/net/ipv4/netfilter/ip_tables.ko): Operation not permitted

FATAL: Error inserting ip_tables (/lib/modules/3.5.0-17-generic/kernel/net/ipv4/netfilter/ip_tables.ko): Operation not permitted
iptables v1.4.12: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

asb MOD May 1, 2014

@chas.snider: It sounds like there is a mismatch between the kernel you have installed and the kernel selected in the DigitalOcean panel. Make sure the versions match.

sdpagent August 14, 2014

sudo apt-get install linux-image-$(uname -r)

fixed the issue for me

Thanks @Kamal

quim October 26, 2015

sudo apt-get install linux-image-$(uname -r)

worked for me also! thanks!

Johnnierock August 15, 2016

What is the process for a solution for Centos 7?
Looks like I was in panic mode when I posted this question. I did correct the issue by injecting the new kernel from the management section and powered down and back up. Evidently the kernel is independently managed and I did not know that.

simplylizz June 26, 2017

Another advice is to try reinstall kernel:
sudo apt-get install --reinstall linux-image-$(uname -r)

Have another answer? Share your knowledge.